diff options
author | Ezra Peisach <epeisach@mit.edu> | 2008-08-14 05:09:12 +0000 |
---|---|---|
committer | Ezra Peisach <epeisach@mit.edu> | 2008-08-14 05:09:12 +0000 |
commit | 98977c054ef689fbbc0b245309ee58fe0503196d (patch) | |
tree | 2c42c186e77ffa83918304671fde44bd931db19e /src/lib/krb5/ccache | |
parent | 9a8dbb4c8c3d1af6168fb37b23efee1146242e8c (diff) | |
download | krb5-98977c054ef689fbbc0b245309ee58fe0503196d.zip krb5-98977c054ef689fbbc0b245309ee58fe0503196d.tar.gz krb5-98977c054ef689fbbc0b245309ee58fe0503196d.tar.bz2 |
Error return from krb5int_random_string not tested in ccache code
krb5int_random_string should probably only fail on malloc
failure. Test for an error return from the function and cleanup
properly (release mutex, return error instead of using uninitialized
memory).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20655 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/ccache')
-rw-r--r-- | src/lib/krb5/ccache/cc_keyring.c | 8 | ||||
-rw-r--r-- | src/lib/krb5/ccache/cc_memory.c | 7 |
2 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index 638db3c..163ad30 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -874,7 +874,13 @@ krb5_krcc_generate_new(krb5_context context, krb5_ccache * id) * a unique name, or we get an error. */ while (1) { - krb5int_random_string(context, uniquename, sizeof(uniquename)); + kret = krb5int_random_string(context, uniquename, sizeof(uniquename)); + if (kret) { + k5_mutex_unlock(&krb5int_krcc_mutex); + free(lid); + return kret; + } + DEBUG_PRINT(("krb5_krcc_generate_new: searching for name '%s'\n", uniquename)); key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, uniquename, 0); diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c index 504dccb..0014407 100644 --- a/src/lib/krb5/ccache/cc_memory.c +++ b/src/lib/krb5/ccache/cc_memory.c @@ -471,7 +471,12 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id) while (1) { krb5_mcc_list_node *ptr; - krb5int_random_string (context, uniquename, sizeof (uniquename)); + err = krb5int_random_string (context, uniquename, sizeof (uniquename)); + if (err) { + k5_mutex_unlock(&krb5int_mcc_mutex); + free(lid); + return err; + } for (ptr = mcc_head; ptr; ptr=ptr->next) { if (!strcmp(ptr->cache->name, uniquename)) { |